1 matches found
Jellyfin Web Cross-Site Scripting (XSS) via Collection Name
In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...